Merge branch 'wireless'

John W. Linville says: ==================== Please consider this pull request for the 3.8 stream... Included is a bluetooth pull. Gustavo says: "Two simple fixes for 3.8. One of the patches fixes a situation where the connection wasn't terminated if a timeout ocurrs for LE an SCO connections. The other fixes prevent NULL dereference in the SMP code, it is a security fix as well." Along with those... Hauke Mehrtens provides a couple of ssb and bcma bus fixes that prevent oopses when unloading those modules. Larry Finger provides and rtlwifi fix to avoid a "scheduling while atomic" bug. Last but certainly not least, Arend van Spriel bring a brcmsmac fix that reworks the mac80211 .flush() callback in order to avoid the dreaded brcms_c_wait_for_tx_completion warnings. This one looks a little large, but I think it is safe and isolated to brcmsmac in any case. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
author: David S. Miller <davem@davemloft.net> 2013-02-06 14:51:14 -0500
committer: David S. Miller <davem@davemloft.net> 2013-02-06 14:51:14 -0500
commit: b6ec447df935669d670e82bd66d9d161418efdfa (patch)
tree: 0a4c792efd730a59adc79d0d2476e0a4b3aa2f2e
parent: bf414b369f158bb527f9f29174ada815f961b44c (diff)
parent: b3b66ae4c8aff0636521034d824b8953dc617335 (diff)
13 files changed, 90 insertions, 35 deletions
diff --git a/drivers/bcma/bcma_private.h b/drivers/bcma/bcma_private.h
index 19e3fbfd5757..cb0c45488572 100644
--- a/drivers/bcma/bcma_private.h
+++ b/drivers/bcma/bcma_private.h
@@ -94,11 +94,16 @@ void bcma_core_pci_hostmode_init(struct bcma_drv_pci *pc);
 #ifdef CONFIG_BCMA_DRIVER_GPIO
 /* driver_gpio.c */
 int bcma_gpio_init(struct bcma_drv_cc *cc);
+int bcma_gpio_unregister(struct bcma_drv_cc *cc);
 #else
 static inline int bcma_gpio_init(struct bcma_drv_cc *cc)
 {
        return -ENOTSUPP;
 }
+static inline int bcma_gpio_unregister(struct bcma_drv_cc *cc)
+{
+        return 0;
+}
 #endif /* CONFIG_BCMA_DRIVER_GPIO */
 #endif
diff --git a/drivers/bcma/driver_gpio.c b/drivers/bcma/driver_gpio.c
index 9a6f585da2d9..71f755c06fc6 100644
--- a/drivers/bcma/driver_gpio.c
+++ b/drivers/bcma/driver_gpio.c
@@ -96,3 +96,8 @@ int bcma_gpio_init(struct bcma_drv_cc *cc)
        return gpiochip_add(chip);
 }
+int bcma_gpio_unregister(struct bcma_drv_cc *cc)
+{
+        return gpiochip_remove(&cc->gpio);
+}
diff --git a/drivers/bcma/main.c b/drivers/bcma/main.c
index 4a92f647b58b..324f9debda88 100644
--- a/drivers/bcma/main.c
+++ b/drivers/bcma/main.c
@@ -268,6 +268,13 @@ int bcma_bus_register(struct bcma_bus *bus)
 void bcma_bus_unregister(struct bcma_bus *bus)
 {
        struct bcma_device *cores[3];
+        int err;
+        err = bcma_gpio_unregister(&bus->drv_cc);
+        if (err == -EBUSY)
+                bcma_err(bus, "Some GPIOs are still in use.\n");
+        else if (err)
+                bcma_err(bus, "Can not unregister GPIO driver: %i\n", err);
        cores[0] = bcma_find_core(bus, BCMA_CORE_MIPS_74K);
        cores[1] = bcma_find_core(bus, BCMA_CORE_PCIE);
diff --git a/drivers/net/wireless/brcm80211/brcmsmac/mac80211_if.c b/drivers/net/wireless/brcm80211/brcmsmac/mac80211_if.c
index 0f71d1d4339d..e5fd20994bec 100644
--- a/drivers/net/wireless/brcm80211/brcmsmac/mac80211_if.c
+++ b/drivers/net/wireless/brcm80211/brcmsmac/mac80211_if.c
@@ -36,6 +36,7 @@
 #include "debug.h"
 #define N_TX_QUEUES     4 /* #tx queues on mac80211<->driver interface */
+#define BRCMS_FLUSH_TIMEOUT     500 /* msec */
 /* Flags we support */
 #define MAC_FILTERS (FIF_PROMISC_IN_BSS | \
@@ -708,16 +709,29 @@ static void brcms_ops_rfkill_poll(struct ieee80211_hw *hw)
        wiphy_rfkill_set_hw_state(wl->pub->ieee_hw->wiphy, blocked);
 }
+static bool brcms_tx_flush_completed(struct brcms_info *wl)
+{
+        bool result;
+        spin_lock_bh(&wl->lock);
+        result = brcms_c_tx_flush_completed(wl->wlc);
+        spin_unlock_bh(&wl->lock);
+        return result;
+}
 static void brcms_ops_flush(struct ieee80211_hw *hw, bool drop)
 {
        struct brcms_info *wl = hw->priv;
+        int ret;
        no_printk("%s: drop = %s\n", __func__, drop ? "true" : "false");
-        /* wait for packet queue and dma fifos to run empty */
+        ret = wait_event_timeout(wl->tx_flush_wq,
-        spin_lock_bh(&wl->lock);
+                                 brcms_tx_flush_completed(wl),
-        brcms_c_wait_for_tx_completion(wl->wlc, drop);
+                                 msecs_to_jiffies(BRCMS_FLUSH_TIMEOUT));
-        spin_unlock_bh(&wl->lock);
+        brcms_dbg_mac80211(wl->wlc->hw->d11core,
+                           "ret=%d\n", jiffies_to_msecs(ret));
 }
 static const struct ieee80211_ops brcms_ops = {
@@ -772,6 +786,7 @@ void brcms_dpc(unsigned long data)
 done:
        spin_unlock_bh(&wl->lock);
+        wake_up(&wl->tx_flush_wq);
 }
 /*
@@ -1020,6 +1035,8 @@ static struct brcms_info *brcms_attach(struct bcma_device *pdev)
        atomic_set(&wl->callbacks, 0);
+        init_waitqueue_head(&wl->tx_flush_wq);
        /* setup the bottom half handler */
        tasklet_init(&wl->tasklet, brcms_dpc, (unsigned long) wl);
@@ -1609,13 +1626,3 @@ bool brcms_rfkill_set_hw_state(struct brcms_info *wl)
        spin_lock_bh(&wl->lock);
        return blocked;
 }
-/*
- * precondition: perimeter lock has been acquired
- */
-void brcms_msleep(struct brcms_info *wl, uint ms)
-{
-        spin_unlock_bh(&wl->lock);
-        msleep(ms);
-        spin_lock_bh(&wl->lock);
-}
diff --git a/drivers/net/wireless/brcm80211/brcmsmac/mac80211_if.h b/drivers/net/wireless/brcm80211/brcmsmac/mac80211_if.h
index 9358bd5ebd35..947ccacf43e6 100644
--- a/drivers/net/wireless/brcm80211/brcmsmac/mac80211_if.h
+++ b/drivers/net/wireless/brcm80211/brcmsmac/mac80211_if.h
@@ -68,6 +68,8 @@ struct brcms_info {
        spinlock_t lock;        /* per-device perimeter lock */
        spinlock_t isr_lock;    /* per-device ISR synchronization lock */
+        /* tx flush */
+        wait_queue_head_t tx_flush_wq;
        /* timer related fields */
        atomic_t callbacks;     /* # outstanding callback functions */
@@ -100,7 +102,6 @@ extern struct brcms_timer *brcms_init_timer(struct brcms_info *wl,
 extern void brcms_free_timer(struct brcms_timer *timer);
 extern void brcms_add_timer(struct brcms_timer *timer, uint ms, int periodic);
 extern bool brcms_del_timer(struct brcms_timer *timer);
-extern void brcms_msleep(struct brcms_info *wl, uint ms);
 extern void brcms_dpc(unsigned long data);
 extern void brcms_timer(struct brcms_timer *t);
 extern void brcms_fatal_error(struct brcms_info *wl);
diff --git a/drivers/net/wireless/brcm80211/brcmsmac/main.c b/drivers/net/wireless/brcm80211/brcmsmac/main.c
index 9f3d7e9f3bb5..8b5839008af3 100644
--- a/drivers/net/wireless/brcm80211/brcmsmac/main.c
+++ b/drivers/net/wireless/brcm80211/brcmsmac/main.c
@@ -7511,25 +7511,16 @@ int brcms_c_get_curband(struct brcms_c_info *wlc)
        return wlc->band->bandunit;
 }
-void brcms_c_wait_for_tx_completion(struct brcms_c_info *wlc, bool drop)
+bool brcms_c_tx_flush_completed(struct brcms_c_info *wlc)
 {
-        int timeout = 20;
        int i;
        /* Kick DMA to send any pending AMPDU */
        for (i = 0; i < ARRAY_SIZE(wlc->hw->di); i++)
                if (wlc->hw->di[i])
-                        dma_txflush(wlc->hw->di[i]);
+                        dma_kick_tx(wlc->hw->di[i]);
-        /* wait for queue and DMA fifos to run dry */
+        return !brcms_txpktpendtot(wlc);
-        while (brcms_txpktpendtot(wlc) > 0) {
-                brcms_msleep(wlc->wl, 1);
-                if (--timeout == 0)
-                        break;
-        }
-        WARN_ON_ONCE(timeout == 0);
 }
 void brcms_c_set_beacon_listen_interval(struct brcms_c_info *wlc, u8 interval)
diff --git a/drivers/net/wireless/brcm80211/brcmsmac/pub.h b/drivers/net/wireless/brcm80211/brcmsmac/pub.h
index 4fb2834f4e64..b0f14b7b8616 100644
--- a/drivers/net/wireless/brcm80211/brcmsmac/pub.h
+++ b/drivers/net/wireless/brcm80211/brcmsmac/pub.h
@@ -314,8 +314,6 @@ extern void brcms_c_associate_upd(struct brcms_c_info *wlc, bool state);
 extern void brcms_c_scan_start(struct brcms_c_info *wlc);
 extern void brcms_c_scan_stop(struct brcms_c_info *wlc);
 extern int brcms_c_get_curband(struct brcms_c_info *wlc);
-extern void brcms_c_wait_for_tx_completion(struct brcms_c_info *wlc,
-                                           bool drop);
 extern int brcms_c_set_channel(struct brcms_c_info *wlc, u16 channel);
 extern int brcms_c_set_rate_limit(struct brcms_c_info *wlc, u16 srl, u16 lrl);
 extern void brcms_c_get_current_rateset(struct brcms_c_info *wlc,
@@ -332,5 +330,6 @@ extern int brcms_c_set_tx_power(struct brcms_c_info *wlc, int txpwr);
 extern int brcms_c_get_tx_power(struct brcms_c_info *wlc);
 extern bool brcms_c_check_radio_disabled(struct brcms_c_info *wlc);
 extern void brcms_c_mute(struct brcms_c_info *wlc, bool on);
+extern bool brcms_c_tx_flush_completed(struct brcms_c_info *wlc);
 #endif                          /* _BRCM_PUB_H_ */
diff --git a/drivers/net/wireless/rtlwifi/base.c b/drivers/net/wireless/rtlwifi/base.c
index 4494d130b37c..0f8b05185eda 100644
--- a/drivers/net/wireless/rtlwifi/base.c
+++ b/drivers/net/wireless/rtlwifi/base.c
@@ -1004,7 +1004,8 @@ u8 rtl_is_special_data(struct ieee80211_hw *hw, struct sk_buff *skb, u8 is_tx)
                                         is_tx ? "Tx" : "Rx");
                                if (is_tx) {
-                                        rtl_lps_leave(hw);
+                                        schedule_work(&rtlpriv->
+                                                      works.lps_leave_work);
                                        ppsc->last_delaylps_stamp_jiffies =
                                            jiffies;
                                }
@@ -1014,7 +1015,7 @@ u8 rtl_is_special_data(struct ieee80211_hw *hw, struct sk_buff *skb, u8 is_tx)
                }
        } else if (ETH_P_ARP == ether_type) {
                if (is_tx) {
-                        rtl_lps_leave(hw);
+                        schedule_work(&rtlpriv->works.lps_leave_work);
                        ppsc->last_delaylps_stamp_jiffies = jiffies;
                }
@@ -1024,7 +1025,7 @@ u8 rtl_is_special_data(struct ieee80211_hw *hw, struct sk_buff *skb, u8 is_tx)
                         "802.1X %s EAPOL pkt!!\n", is_tx ? "Tx" : "Rx");
                if (is_tx) {
-                        rtl_lps_leave(hw);
+                        schedule_work(&rtlpriv->works.lps_leave_work);
                        ppsc->last_delaylps_stamp_jiffies = jiffies;
                }
diff --git a/drivers/ssb/driver_gpio.c b/drivers/ssb/driver_gpio.c
index 97ac0a38e3d0..eb2753008ef0 100644
--- a/drivers/ssb/driver_gpio.c
+++ b/drivers/ssb/driver_gpio.c
@@ -174,3 +174,15 @@ int ssb_gpio_init(struct ssb_bus *bus)
        return -1;
 }
+int ssb_gpio_unregister(struct ssb_bus *bus)
+{
+        if (ssb_chipco_available(&bus->chipco) ||
+            ssb_extif_available(&bus->extif)) {
+                return gpiochip_remove(&bus->gpio);
+        } else {
+                SSB_WARN_ON(1);
+        }
+        return -1;
+}
diff --git a/drivers/ssb/main.c b/drivers/ssb/main.c
index 772ad9b5c304..24dc331b4701 100644
--- a/drivers/ssb/main.c
+++ b/drivers/ssb/main.c
@@ -443,6 +443,15 @@ static void ssb_devices_unregister(struct ssb_bus *bus)
 void ssb_bus_unregister(struct ssb_bus *bus)
 {
+        int err;
+        err = ssb_gpio_unregister(bus);
+        if (err == -EBUSY)
+                ssb_dprintk(KERN_ERR PFX "Some GPIOs are still in use.\n");
+        else if (err)
+                ssb_dprintk(KERN_ERR PFX
+                            "Can not unregister GPIO driver: %i\n", err);
        ssb_buses_lock();
        ssb_devices_unregister(bus);
        list_del(&bus->list);
diff --git a/drivers/ssb/ssb_private.h b/drivers/ssb/ssb_private.h
index 6c10b66c796c..da38305a2d22 100644
--- a/drivers/ssb/ssb_private.h
+++ b/drivers/ssb/ssb_private.h
@@ -252,11 +252,16 @@ static inline void ssb_extif_init(struct ssb_extif *extif)
 #ifdef CONFIG_SSB_DRIVER_GPIO
 extern int ssb_gpio_init(struct ssb_bus *bus);
+extern int ssb_gpio_unregister(struct ssb_bus *bus);
 #else /* CONFIG_SSB_DRIVER_GPIO */
 static inline int ssb_gpio_init(struct ssb_bus *bus)
 {
        return -ENOTSUPP;
 }
+static inline int ssb_gpio_unregister(struct ssb_bus *bus)
+{
+        return 0;
+}
 #endif /* CONFIG_SSB_DRIVER_GPIO */
 #endif /* LINUX_SSB_PRIVATE_H_ */
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 25bfce0666eb..4925a02ae7e4 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -249,12 +249,12 @@ static void hci_conn_disconnect(struct hci_conn *conn)
        __u8 reason = hci_proto_disconn_ind(conn);
        switch (conn->type) {
-        case ACL_LINK:
-                hci_acl_disconn(conn, reason);
-                break;
        case AMP_LINK:
                hci_amp_disconn(conn, reason);
                break;
+        default:
+                hci_acl_disconn(conn, reason);
+                break;
        }
 }
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 68a9587c9694..5abefb12891d 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -859,6 +859,19 @@ int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
        skb_pull(skb, sizeof(code));
+        /*
+         * The SMP context must be initialized for all other PDUs except
+         * pairing and security requests. If we get any other PDU when
+         * not initialized simply disconnect (done if this function
+         * returns an error).
+         */
+        if (code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ &&
+            !conn->smp_chan) {
+                BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code);
+                kfree_skb(skb);
+                return -ENOTSUPP;
+        }
        switch (code) {
        case SMP_CMD_PAIRING_REQ:
                reason = smp_cmd_pairing_req(conn, skb);
author	David S. Miller <davem@davemloft.net>	2013-02-06 14:51:14 -0500
committer	David S. Miller <davem@davemloft.net>	2013-02-06 14:51:14 -0500
commit	b6ec447df935669d670e82bd66d9d161418efdfa (patch)
tree	0a4c792efd730a59adc79d0d2476e0a4b3aa2f2e
parent	bf414b369f158bb527f9f29174ada815f961b44c (diff)
parent	b3b66ae4c8aff0636521034d824b8953dc617335 (diff)

diff --git a/drivers/bcma/bcma_private.h b/drivers/bcma/bcma_private.h index 19e3fbfd5757..cb0c45488572 100644 --- a/drivers/bcma/bcma_private.h +++ b/drivers/bcma/bcma_private.h
@@ -94,11 +94,16 @@ void bcma_core_pci_hostmode_init(struct bcma_drv_pci *pc);
94	#ifdef CONFIG_BCMA_DRIVER_GPIO	94	#ifdef CONFIG_BCMA_DRIVER_GPIO
95	/* driver_gpio.c */	95	/* driver_gpio.c */
96	int bcma_gpio_init(struct bcma_drv_cc *cc);	96	int bcma_gpio_init(struct bcma_drv_cc *cc);
		97	int bcma_gpio_unregister(struct bcma_drv_cc *cc);
97	#else	98	#else
98	static inline int bcma_gpio_init(struct bcma_drv_cc *cc)	99	static inline int bcma_gpio_init(struct bcma_drv_cc *cc)
99	{	100	{
100	return -ENOTSUPP;	101	return -ENOTSUPP;
101	}	102	}
		103	static inline int bcma_gpio_unregister(struct bcma_drv_cc *cc)
		104	{
		105	return 0;
		106	}
102	#endif /* CONFIG_BCMA_DRIVER_GPIO */	107	#endif /* CONFIG_BCMA_DRIVER_GPIO */
103		108
104	#endif	109	#endif


diff --git a/drivers/bcma/driver_gpio.c b/drivers/bcma/driver_gpio.c index 9a6f585da2d9..71f755c06fc6 100644 --- a/drivers/bcma/driver_gpio.c +++ b/drivers/bcma/driver_gpio.c
@@ -96,3 +96,8 @@ int bcma_gpio_init(struct bcma_drv_cc *cc)
96		96
97	return gpiochip_add(chip);	97	return gpiochip_add(chip);
98	}	98	}
		99
		100	int bcma_gpio_unregister(struct bcma_drv_cc *cc)
		101	{
		102	return gpiochip_remove(&cc->gpio);
		103	}


diff --git a/drivers/bcma/main.c b/drivers/bcma/main.c index 4a92f647b58b..324f9debda88 100644 --- a/drivers/bcma/main.c +++ b/drivers/bcma/main.c
@@ -268,6 +268,13 @@ int bcma_bus_register(struct bcma_bus *bus)
268	void bcma_bus_unregister(struct bcma_bus *bus)	268	void bcma_bus_unregister(struct bcma_bus *bus)
269	{	269	{
270	struct bcma_device *cores[3];	270	struct bcma_device *cores[3];
		271	int err;
		272
		273	err = bcma_gpio_unregister(&bus->drv_cc);
		274	if (err == -EBUSY)
		275	bcma_err(bus, "Some GPIOs are still in use.\n");
		276	else if (err)
		277	bcma_err(bus, "Can not unregister GPIO driver: %i\n", err);
271		278
272	cores[0] = bcma_find_core(bus, BCMA_CORE_MIPS_74K);	279	cores[0] = bcma_find_core(bus, BCMA_CORE_MIPS_74K);
273	cores[1] = bcma_find_core(bus, BCMA_CORE_PCIE);	280	cores[1] = bcma_find_core(bus, BCMA_CORE_PCIE);


diff --git a/drivers/net/wireless/brcm80211/brcmsmac/mac80211_if.c b/drivers/net/wireless/brcm80211/brcmsmac/mac80211_if.c index 0f71d1d4339d..e5fd20994bec 100644 --- a/drivers/net/wireless/brcm80211/brcmsmac/mac80211_if.c +++ b/drivers/net/wireless/brcm80211/brcmsmac/mac80211_if.c
@@ -36,6 +36,7 @@
36	#include "debug.h"	36	#include "debug.h"
37		37
38	#define N_TX_QUEUES 4 /* #tx queues on mac80211<->driver interface */	38	#define N_TX_QUEUES 4 /* #tx queues on mac80211<->driver interface */
		39	#define BRCMS_FLUSH_TIMEOUT 500 /* msec */
39		40
40	/* Flags we support */	41	/* Flags we support */
41	#define MAC_FILTERS (FIF_PROMISC_IN_BSS \| \	42	#define MAC_FILTERS (FIF_PROMISC_IN_BSS \| \
@@ -708,16 +709,29 @@ static void brcms_ops_rfkill_poll(struct ieee80211_hw *hw)
708	wiphy_rfkill_set_hw_state(wl->pub->ieee_hw->wiphy, blocked);	709	wiphy_rfkill_set_hw_state(wl->pub->ieee_hw->wiphy, blocked);
709	}	710	}
710		711
		712	static bool brcms_tx_flush_completed(struct brcms_info *wl)
		713	{
		714	bool result;
		715
		716	spin_lock_bh(&wl->lock);
		717	result = brcms_c_tx_flush_completed(wl->wlc);
		718	spin_unlock_bh(&wl->lock);
		719	return result;
		720	}
		721
711	static void brcms_ops_flush(struct ieee80211_hw *hw, bool drop)	722	static void brcms_ops_flush(struct ieee80211_hw *hw, bool drop)
712	{	723	{
713	struct brcms_info *wl = hw->priv;	724	struct brcms_info *wl = hw->priv;
		725	int ret;
714		726
715	no_printk("%s: drop = %s\n", __func__, drop ? "true" : "false");	727	no_printk("%s: drop = %s\n", __func__, drop ? "true" : "false");
716		728
717	/* wait for packet queue and dma fifos to run empty */	729	ret = wait_event_timeout(wl->tx_flush_wq,
718	spin_lock_bh(&wl->lock);	730	brcms_tx_flush_completed(wl),
719	brcms_c_wait_for_tx_completion(wl->wlc, drop);	731	msecs_to_jiffies(BRCMS_FLUSH_TIMEOUT));
720	spin_unlock_bh(&wl->lock);	732
		733	brcms_dbg_mac80211(wl->wlc->hw->d11core,
		734	"ret=%d\n", jiffies_to_msecs(ret));
721	}	735	}
722		736
723	static const struct ieee80211_ops brcms_ops = {	737	static const struct ieee80211_ops brcms_ops = {
@@ -772,6 +786,7 @@ void brcms_dpc(unsigned long data)
772		786
773	done:	787	done:
774	spin_unlock_bh(&wl->lock);	788	spin_unlock_bh(&wl->lock);
		789	wake_up(&wl->tx_flush_wq);
775	}	790	}
776		791
777	/*	792	/*
@@ -1020,6 +1035,8 @@ static struct brcms_info brcms_attach(struct bcma_device pdev)
1020		1035
1021	atomic_set(&wl->callbacks, 0);	1036	atomic_set(&wl->callbacks, 0);
1022		1037
		1038	init_waitqueue_head(&wl->tx_flush_wq);
		1039
1023	/* setup the bottom half handler */	1040	/* setup the bottom half handler */
1024	tasklet_init(&wl->tasklet, brcms_dpc, (unsigned long) wl);	1041	tasklet_init(&wl->tasklet, brcms_dpc, (unsigned long) wl);
1025		1042
@@ -1609,13 +1626,3 @@ bool brcms_rfkill_set_hw_state(struct brcms_info *wl)
1609	spin_lock_bh(&wl->lock);	1626	spin_lock_bh(&wl->lock);
1610	return blocked;	1627	return blocked;
1611	}	1628	}
1612
1613	/*
1614	* precondition: perimeter lock has been acquired
1615	*/
1616	void brcms_msleep(struct brcms_info *wl, uint ms)
1617	{
1618	spin_unlock_bh(&wl->lock);
1619	msleep(ms);
1620	spin_lock_bh(&wl->lock);
1621	}


diff --git a/drivers/net/wireless/brcm80211/brcmsmac/mac80211_if.h b/drivers/net/wireless/brcm80211/brcmsmac/mac80211_if.h index 9358bd5ebd35..947ccacf43e6 100644 --- a/drivers/net/wireless/brcm80211/brcmsmac/mac80211_if.h +++ b/drivers/net/wireless/brcm80211/brcmsmac/mac80211_if.h
@@ -68,6 +68,8 @@ struct brcms_info {
68	spinlock_t lock; /* per-device perimeter lock */	68	spinlock_t lock; /* per-device perimeter lock */
69	spinlock_t isr_lock; /* per-device ISR synchronization lock */	69	spinlock_t isr_lock; /* per-device ISR synchronization lock */
70		70
		71	/* tx flush */
		72	wait_queue_head_t tx_flush_wq;
71		73
72	/* timer related fields */	74	/* timer related fields */
73	atomic_t callbacks; /* # outstanding callback functions */	75	atomic_t callbacks; /* # outstanding callback functions */
@@ -100,7 +102,6 @@ extern struct brcms_timer brcms_init_timer(struct brcms_info wl,
100	extern void brcms_free_timer(struct brcms_timer *timer);	102	extern void brcms_free_timer(struct brcms_timer *timer);
101	extern void brcms_add_timer(struct brcms_timer *timer, uint ms, int periodic);	103	extern void brcms_add_timer(struct brcms_timer *timer, uint ms, int periodic);
102	extern bool brcms_del_timer(struct brcms_timer *timer);	104	extern bool brcms_del_timer(struct brcms_timer *timer);
103	extern void brcms_msleep(struct brcms_info *wl, uint ms);
104	extern void brcms_dpc(unsigned long data);	105	extern void brcms_dpc(unsigned long data);
105	extern void brcms_timer(struct brcms_timer *t);	106	extern void brcms_timer(struct brcms_timer *t);
106	extern void brcms_fatal_error(struct brcms_info *wl);	107	extern void brcms_fatal_error(struct brcms_info *wl);


diff --git a/drivers/net/wireless/brcm80211/brcmsmac/main.c b/drivers/net/wireless/brcm80211/brcmsmac/main.c index 9f3d7e9f3bb5..8b5839008af3 100644 --- a/drivers/net/wireless/brcm80211/brcmsmac/main.c +++ b/drivers/net/wireless/brcm80211/brcmsmac/main.c
@@ -7511,25 +7511,16 @@ int brcms_c_get_curband(struct brcms_c_info *wlc)
7511	return wlc->band->bandunit;	7511	return wlc->band->bandunit;
7512	}	7512	}
7513		7513
7514	void brcms_c_wait_for_tx_completion(struct brcms_c_info *wlc, bool drop)	7514	bool brcms_c_tx_flush_completed(struct brcms_c_info *wlc)
7515	{	7515	{
7516	int timeout = 20;
7517	int i;	7516	int i;
7518		7517
7519	/* Kick DMA to send any pending AMPDU */	7518	/* Kick DMA to send any pending AMPDU */
7520	for (i = 0; i < ARRAY_SIZE(wlc->hw->di); i++)	7519	for (i = 0; i < ARRAY_SIZE(wlc->hw->di); i++)
7521	if (wlc->hw->di[i])	7520	if (wlc->hw->di[i])
7522	dma_txflush(wlc->hw->di[i]);	7521	dma_kick_tx(wlc->hw->di[i]);
7523		7522
7524	/* wait for queue and DMA fifos to run dry */	7523	return !brcms_txpktpendtot(wlc);
7525	while (brcms_txpktpendtot(wlc) > 0) {
7526	brcms_msleep(wlc->wl, 1);
7527
7528	if (--timeout == 0)
7529	break;
7530	}
7531
7532	WARN_ON_ONCE(timeout == 0);
7533	}	7524	}
7534		7525
7535	void brcms_c_set_beacon_listen_interval(struct brcms_c_info *wlc, u8 interval)	7526	void brcms_c_set_beacon_listen_interval(struct brcms_c_info *wlc, u8 interval)


diff --git a/drivers/net/wireless/brcm80211/brcmsmac/pub.h b/drivers/net/wireless/brcm80211/brcmsmac/pub.h index 4fb2834f4e64..b0f14b7b8616 100644 --- a/drivers/net/wireless/brcm80211/brcmsmac/pub.h +++ b/drivers/net/wireless/brcm80211/brcmsmac/pub.h
@@ -314,8 +314,6 @@ extern void brcms_c_associate_upd(struct brcms_c_info *wlc, bool state);
314	extern void brcms_c_scan_start(struct brcms_c_info *wlc);	314	extern void brcms_c_scan_start(struct brcms_c_info *wlc);
315	extern void brcms_c_scan_stop(struct brcms_c_info *wlc);	315	extern void brcms_c_scan_stop(struct brcms_c_info *wlc);
316	extern int brcms_c_get_curband(struct brcms_c_info *wlc);	316	extern int brcms_c_get_curband(struct brcms_c_info *wlc);
317	extern void brcms_c_wait_for_tx_completion(struct brcms_c_info *wlc,
318	bool drop);
319	extern int brcms_c_set_channel(struct brcms_c_info *wlc, u16 channel);	317	extern int brcms_c_set_channel(struct brcms_c_info *wlc, u16 channel);
320	extern int brcms_c_set_rate_limit(struct brcms_c_info *wlc, u16 srl, u16 lrl);	318	extern int brcms_c_set_rate_limit(struct brcms_c_info *wlc, u16 srl, u16 lrl);
321	extern void brcms_c_get_current_rateset(struct brcms_c_info *wlc,	319	extern void brcms_c_get_current_rateset(struct brcms_c_info *wlc,
@@ -332,5 +330,6 @@ extern int brcms_c_set_tx_power(struct brcms_c_info *wlc, int txpwr);
332	extern int brcms_c_get_tx_power(struct brcms_c_info *wlc);	330	extern int brcms_c_get_tx_power(struct brcms_c_info *wlc);
333	extern bool brcms_c_check_radio_disabled(struct brcms_c_info *wlc);	331	extern bool brcms_c_check_radio_disabled(struct brcms_c_info *wlc);
334	extern void brcms_c_mute(struct brcms_c_info *wlc, bool on);	332	extern void brcms_c_mute(struct brcms_c_info *wlc, bool on);
		333	extern bool brcms_c_tx_flush_completed(struct brcms_c_info *wlc);
335		334
336	#endif /* _BRCM_PUB_H_ */	335	#endif /* _BRCM_PUB_H_ */


diff --git a/drivers/net/wireless/rtlwifi/base.c b/drivers/net/wireless/rtlwifi/base.c index 4494d130b37c..0f8b05185eda 100644 --- a/drivers/net/wireless/rtlwifi/base.c +++ b/drivers/net/wireless/rtlwifi/base.c
@@ -1004,7 +1004,8 @@ u8 rtl_is_special_data(struct ieee80211_hw hw, struct sk_buff skb, u8 is_tx)
1004	is_tx ? "Tx" : "Rx");	1004	is_tx ? "Tx" : "Rx");
1005		1005
1006	if (is_tx) {	1006	if (is_tx) {
1007	rtl_lps_leave(hw);	1007	schedule_work(&rtlpriv->
		1008	works.lps_leave_work);
1008	ppsc->last_delaylps_stamp_jiffies =	1009	ppsc->last_delaylps_stamp_jiffies =
1009	jiffies;	1010	jiffies;
1010	}	1011	}
@@ -1014,7 +1015,7 @@ u8 rtl_is_special_data(struct ieee80211_hw hw, struct sk_buff skb, u8 is_tx)
1014	}	1015	}
1015	} else if (ETH_P_ARP == ether_type) {	1016	} else if (ETH_P_ARP == ether_type) {
1016	if (is_tx) {	1017	if (is_tx) {
1017	rtl_lps_leave(hw);	1018	schedule_work(&rtlpriv->works.lps_leave_work);
1018	ppsc->last_delaylps_stamp_jiffies = jiffies;	1019	ppsc->last_delaylps_stamp_jiffies = jiffies;
1019	}	1020	}
1020		1021
@@ -1024,7 +1025,7 @@ u8 rtl_is_special_data(struct ieee80211_hw hw, struct sk_buff skb, u8 is_tx)
1024	"802.1X %s EAPOL pkt!!\n", is_tx ? "Tx" : "Rx");	1025	"802.1X %s EAPOL pkt!!\n", is_tx ? "Tx" : "Rx");
1025		1026
1026	if (is_tx) {	1027	if (is_tx) {
1027	rtl_lps_leave(hw);	1028	schedule_work(&rtlpriv->works.lps_leave_work);
1028	ppsc->last_delaylps_stamp_jiffies = jiffies;	1029	ppsc->last_delaylps_stamp_jiffies = jiffies;
1029	}	1030	}
1030		1031


diff --git a/drivers/ssb/driver_gpio.c b/drivers/ssb/driver_gpio.c index 97ac0a38e3d0..eb2753008ef0 100644 --- a/drivers/ssb/driver_gpio.c +++ b/drivers/ssb/driver_gpio.c
@@ -174,3 +174,15 @@ int ssb_gpio_init(struct ssb_bus *bus)
174		174
175	return -1;	175	return -1;
176	}	176	}
		177
		178	int ssb_gpio_unregister(struct ssb_bus *bus)
		179	{
		180	if (ssb_chipco_available(&bus->chipco) \|\|
		181	ssb_extif_available(&bus->extif)) {
		182	return gpiochip_remove(&bus->gpio);
		183	} else {
		184	SSB_WARN_ON(1);
		185	}
		186
		187	return -1;
		188	}


diff --git a/drivers/ssb/main.c b/drivers/ssb/main.c index 772ad9b5c304..24dc331b4701 100644 --- a/drivers/ssb/main.c +++ b/drivers/ssb/main.c
@@ -443,6 +443,15 @@ static void ssb_devices_unregister(struct ssb_bus *bus)
443		443
444	void ssb_bus_unregister(struct ssb_bus *bus)	444	void ssb_bus_unregister(struct ssb_bus *bus)
445	{	445	{
		446	int err;
		447
		448	err = ssb_gpio_unregister(bus);
		449	if (err == -EBUSY)
		450	ssb_dprintk(KERN_ERR PFX "Some GPIOs are still in use.\n");
		451	else if (err)
		452	ssb_dprintk(KERN_ERR PFX
		453	"Can not unregister GPIO driver: %i\n", err);
		454
446	ssb_buses_lock();	455	ssb_buses_lock();
447	ssb_devices_unregister(bus);	456	ssb_devices_unregister(bus);
448	list_del(&bus->list);	457	list_del(&bus->list);


diff --git a/drivers/ssb/ssb_private.h b/drivers/ssb/ssb_private.h index 6c10b66c796c..da38305a2d22 100644 --- a/drivers/ssb/ssb_private.h +++ b/drivers/ssb/ssb_private.h
@@ -252,11 +252,16 @@ static inline void ssb_extif_init(struct ssb_extif *extif)
252		252
253	#ifdef CONFIG_SSB_DRIVER_GPIO	253	#ifdef CONFIG_SSB_DRIVER_GPIO
254	extern int ssb_gpio_init(struct ssb_bus *bus);	254	extern int ssb_gpio_init(struct ssb_bus *bus);
		255	extern int ssb_gpio_unregister(struct ssb_bus *bus);
255	#else /* CONFIG_SSB_DRIVER_GPIO */	256	#else /* CONFIG_SSB_DRIVER_GPIO */
256	static inline int ssb_gpio_init(struct ssb_bus *bus)	257	static inline int ssb_gpio_init(struct ssb_bus *bus)
257	{	258	{
258	return -ENOTSUPP;	259	return -ENOTSUPP;
259	}	260	}
		261	static inline int ssb_gpio_unregister(struct ssb_bus *bus)
		262	{
		263	return 0;
		264	}
260	#endif /* CONFIG_SSB_DRIVER_GPIO */	265	#endif /* CONFIG_SSB_DRIVER_GPIO */
261		266
262	#endif /* LINUX_SSB_PRIVATE_H_ */	267	#endif /* LINUX_SSB_PRIVATE_H_ */


diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c index 25bfce0666eb..4925a02ae7e4 100644 --- a/net/bluetooth/hci_conn.c +++ b/net/bluetooth/hci_conn.c
@@ -249,12 +249,12 @@ static void hci_conn_disconnect(struct hci_conn *conn)
249	__u8 reason = hci_proto_disconn_ind(conn);	249	__u8 reason = hci_proto_disconn_ind(conn);
250		250
251	switch (conn->type) {	251	switch (conn->type) {
252	case ACL_LINK:
253	hci_acl_disconn(conn, reason);
254	break;
255	case AMP_LINK:	252	case AMP_LINK:
256	hci_amp_disconn(conn, reason);	253	hci_amp_disconn(conn, reason);
257	break;	254	break;
		255	default:
		256	hci_acl_disconn(conn, reason);
		257	break;
258	}	258	}
259	}	259	}
260		260


diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c index 68a9587c9694..5abefb12891d 100644 --- a/net/bluetooth/smp.c +++ b/net/bluetooth/smp.c
@@ -859,6 +859,19 @@ int smp_sig_channel(struct l2cap_conn conn, struct sk_buff skb)
859		859
860	skb_pull(skb, sizeof(code));	860	skb_pull(skb, sizeof(code));
861		861
		862	/*
		863	* The SMP context must be initialized for all other PDUs except
		864	* pairing and security requests. If we get any other PDU when
		865	* not initialized simply disconnect (done if this function
		866	* returns an error).
		867	*/
		868	if (code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ &&
		869	!conn->smp_chan) {
		870	BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code);
		871	kfree_skb(skb);
		872	return -ENOTSUPP;
		873	}
		874
862	switch (code) {	875	switch (code) {
863	case SMP_CMD_PAIRING_REQ:	876	case SMP_CMD_PAIRING_REQ:
864	reason = smp_cmd_pairing_req(conn, skb);	877	reason = smp_cmd_pairing_req(conn, skb);